- Raleigh, NC, USA
- Permanent, Full time
- Credit Suisse -
- 15 Dec 18
Risk Governance Lead CISO # 121535
The CISO team is part of the first line of defense within Credit Suisse, whose mission is to ensure IT control objectives are set, effectiveness is measured, and residual risks are handled. You will be responsible for ensuring the CISO mission is realized for the IT Infrastructure and services division of the Bank, known as GCTO. The role will work with the CISO for GCTO Americas. The role will encompass aspects of risk assessment, overseeing penetration testing, advising senior business partners and key projects on secure, successful delivery and challenging and driving the risk posture of the Bank. The CISO GCTO team operates globally, and you will support global initiatives.
This role is primarily responsible for the overall risk governance, reporting and management of risks in the CTO, CDO, and Emerging Technology areas. This will include preparing, supporting and presenting at senior STC's and risk committees. Overseeing the creating, production, and monitoring or reporting metrics, and partnering with various governance functions across the Bank more broadly.
- The opportunity to contribute to a global - enterprise wide IT risk & security program covering all aspects of IT central services and infrastructure.
- You will lead, conduct, and/or coordinate risk and security reporting and management in line with enterprise risk governance and reporting frameworks, in the areas of IT such as:
- Cyber Security
- Desktop Security
- Infrastructure and Hosting Security
- Cloud Enablement
- Mobile technology
- Collaboration Tools Management
- Privileged Access Management
- You will work with key clients to collect information as required for risk reporting, management committee meetings, audit and compliance reporting help to drive strategic improvement in risk position and key initiatives.
- Work with IT & the business on controls to be implemented to ensure a secure, controlled and manageable risk environment.
- Assure that the client is being kept updated on any new IT risk management developments, such as new methodologies, policies, tools and/or services.
Credit Suisse maintains a Working Flexibility Policy, subject to the terms as set forth in the Credit Suisse United States Employment Handbook.
- Do you have a degree in Computing, Information Systems or related discipline?
- Are you experienced in handling or conducting IT Security Audit or Risk Assessment - evaluating controls against attack vectors and proposes remedial actions to mitigate risks?
- Do you have deep knowledge and understanding of an enterprise IT environment and the principles of IT Risk and Security?
- You have prior experience in the different fields of Infrastructure Systems Management or Support (e.g. desktop, server, storage and networks), third party vendor assessments and/or Internet Facing Applications assessments.(advantageous).
- You have experience in security in at least 2 of the domains outlined above (Cyber Security, Desktop Security, Collaboration Tools Enablement, etc.).
- You have understanding of NIST Cybersecurity Controls Framework.
- You have an excellent analytical & problem solving skills.
- You have an excellent written and verbal communication skills.
- You have excellent team and interpersonal skills.
- Are you able to work independently with minimal supervision?
- Deep understanding of the Financial Services industry and associated regulatory environment preferred.
- Information security or data privacy related certifications (e.g. CISSP, CISM or CISA).
- Information security or data privacy related studies and diplomas are an advantage.
For more information visit Technology Careers .